package com.xiangxiao.rpan.authority.config;

import com.xiangxiao.rpan.authority.constant.GlobalConsts;
import com.xiangxiao.rpan.authority.oauth.LocalAccessDeniedHandler;
import com.xiangxiao.rpan.authority.oauth.LocalAuthenticationEntryPoint;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

/**
 * @auther xiangxiao
 * @email 573768011@qq.com
 * @data 2023/3/21 19:43
 * @Configuration 注解，保证 OAuth2ResourceServer 能够被 SpringBoot 扫描到配置
 * @EnableResourceServer 注解，开启资源服务器
 * 继承( extends ) ResourceServerConfigurerAdapter 类，并覆写 #configure(HttpSecurity http) 方法, 配置对 HTTP 请求中，匹配 /api/**" 路径，开启认证的验证
 */
@Configuration
@EnableResourceServer
public class OauthResourceServerConfiguration extends ResourceServerConfigurerAdapter {
  @Override
  public void configure(HttpSecurity http) throws Exception {
    String[] passURL = new String[]{GlobalConsts.PASS_URL_HOME_PAGE, GlobalConsts.PASS_URL_LOGIN,
        GlobalConsts.PASS_URL_CHECK_PERMISSION, GlobalConsts.PASS_URL_TOKEN_USER_INFO
        , GlobalConsts.PASS_URL_TOKEN_DATA_RULE_CHECK, GlobalConsts.PASS_URL_TOKEN_ORGANIZATION, GlobalConsts.VALIDATE_USER_REPEAT};
    http.authorizeRequests()
        .antMatchers("/**").permitAll()
        .and()
        .authorizeRequests();
  }

  public void configure(ResourceServerSecurityConfigurer resources) {
    resources.accessDeniedHandler(new LocalAccessDeniedHandler());
    resources.authenticationEntryPoint(new LocalAuthenticationEntryPoint());
  }
}
